CVE-2023-23835

Name of the Vulnerable Software and Affected Versions Mendix versions prior to 7.23.34 Mendix versions prior to 8.18.23 Mendix versions prior to 9.22.0 Mendix 9.12 versions prior to 9.12.10 Mendix 9.18 versions prior to 9.18.4 Mendix 9.6 versions prior to 9.6.15

Description The issue is related to inadequate access control in the Mendix platform, which can be exploited by a remote attacker to disclose protected information using XPath queries. Some Mendix runtime APIs allow attackers to bypass XPath constraints and retrieve information by triggering errors with XPath queries.

Recommendations For Mendix versions prior to 7.23.34, update to version 7.23.34 or later. For Mendix versions prior to 8.18.23, update to version 8.18.23 or later. For Mendix versions prior to 9.22.0, update to version 9.22.0 or later. For Mendix 9.12 versions prior to 9.12.10, update to version 9.12.10 or later. For Mendix 9.18 versions prior to 9.18.4, update to version 9.18.4 or later. For Mendix 9.6 versions prior to 9.6.15, update to version 9.6.15 or later.